CVE-2026-32865 - Vulnerability Analysis
CriticalCVSS: 9.8Last Updated: March 20, 2026
OPEXUS eComplaint and eCASE - Authentication Bypass
Overview
OPEXUS eComplaint and eCASE < 10.1.0.0 contain an authentication bypass caused by inclusion of secret verification code in HTTP response during password reset, letting attackers reset passwords without answering security questions, exploit requires knowing a user's email address.
Severity & Score
Impact
Attackers can reset user passwords and security questions without verification, leading to account takeover.
Mitigation
Update to version 10.1.0.0 or later.
References
Social Media Activity(1 post)
š“ CVE-2026-32865 - Critical (9.8) OPEXUS eComplaint and eCASE before version 10.1.0.0 include the secret verification code in the HTTP response when requesting a password reset via 'ForcePasswordReset.aspx'. An attacker who knows an existing user's email address can reset the user... š https://www.thehackerwire.com/vulnerability/CVE-2026-32865/ #CVE #vulnerability #infosec #cybersecurity #security #Tenda #patchstack
View original postRelated Resources
Details
- CVE ID
- CVE-2026-32865
- Severity
- Critical
- CVSS Score
- 9.8
- Type
- broken_authentication
- Status
- unconfirmed
- EPSS
- 4.1%
- Social Posts
- 1
CWE
- CWE-200
CVSS Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H